From ad608ab9add1615d6aae3fde239e54d1eb36b0ca Mon Sep 17 00:00:00 2001
From: Evan Prodromou <evan@status.net>
Date: Tue, 23 Mar 2010 12:58:10 -0400
Subject: prevent password login actions in OpenID-only mode

---
 plugins/OpenID/OpenIDPlugin.php | 67 ++++++++++++++++++++++++++++++++++++++---
 1 file changed, 62 insertions(+), 5 deletions(-)

(limited to 'plugins/OpenID/OpenIDPlugin.php')

diff --git a/plugins/OpenID/OpenIDPlugin.php b/plugins/OpenID/OpenIDPlugin.php
index 24e4e0c32..270e2c624 100644
--- a/plugins/OpenID/OpenIDPlugin.php
+++ b/plugins/OpenID/OpenIDPlugin.php
@@ -47,11 +47,6 @@ class OpenIDPlugin extends Plugin
 {
     public $openidOnly = false;
 
-    function initialize()
-    {
-        common_debug("OpenID plugin running with openidonly = {$this->openidOnly}");
-    }
-
     /**
      * Add OpenID-related paths to the router table
      *
@@ -76,6 +71,60 @@ class OpenIDPlugin extends Plugin
         return true;
     }
 
+    /**
+     * In OpenID-only mode, disable paths for password stuff
+     *
+     * @param string $path     path to connect
+     * @param array  $defaults path defaults
+     * @param array  $rules    path rules
+     * @param array  $result   unused
+     *
+     * @return boolean hook return
+     */
+
+    function onStartConnectPath(&$path, &$defaults, &$rules, &$result)
+    {
+        if ($this->openidOnly) {
+            static $block = array('main/login',
+                                  'main/register',
+                                  'main/recoverpassword',
+                                  'settings/password');
+
+            if (in_array($path, $block)) {
+                return false;
+            }
+        }
+
+        return true;
+    }
+
+    /**
+     * If we've been hit with password-login args, redirect
+     *
+     * @param array $args args (URL, Get, post)
+     *
+     * @return boolean hook return
+     */
+
+    function onArgsInitialize($args)
+    {
+        if ($this->openidOnly) {
+            if (array_key_exists('action', $args)) {
+                $action = trim($args['action']);
+                if (in_array($action, array('login', 'register'))) {
+                    common_redirect(common_local_url('openidlogin'));
+                    exit(0);
+                } else if ($action == 'passwordsettings') {
+                    common_redirect(common_local_url('openidsettings'));
+                    exit(0);
+                } else if ($action == 'recoverpassword') {
+                    throw new ClientException('Unavailable action');
+                }
+            }
+        }
+        return true;
+    }
+
     /**
      * Public XRDS output hook
      *
@@ -140,6 +189,14 @@ class OpenIDPlugin extends Plugin
         $xrdsOutputter->elementEnd('XRD');
     }
 
+    /**
+     * If we're in OpenID-only mode, hide all the main menu except OpenID login.
+     *
+     * @param Action $action Action being run
+     *
+     * @return boolean hook return
+     */
+
     function onStartPrimaryNav($action)
     {
         if ($this->openidOnly && !common_logged_in()) {
-- 
cgit v1.2.3-54-g00ecf